6.2

CVE-2022-33733

Sensitive information exposure in onCharacteristicRead in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission.

Data is provided by the National Vulnerability Database (NVD)
SamsungCharm Version < 1.2.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.05% 0.17
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 3.3 1.8 1.4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
mobile.security@samsung.com 6.2 2.5 3.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-927 Use of Implicit Intent for Sensitive Communication

The Android application uses an implicit intent for transmitting sensitive data to other applications.